US10666432B2 - System and method of securing devices using encryption keys - Google Patents
System and method of securing devices using encryption keys Download PDFInfo
- Publication number
- US10666432B2 US10666432B2 US16/424,675 US201916424675A US10666432B2 US 10666432 B2 US10666432 B2 US 10666432B2 US 201916424675 A US201916424675 A US 201916424675A US 10666432 B2 US10666432 B2 US 10666432B2
- Authority
- US
- United States
- Prior art keywords
- physical device
- credential
- security server
- share
- party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 230000008569 process Effects 0.000 claims abstract description 37
- 238000004891 communication Methods 0.000 claims abstract description 27
- 238000004519 manufacturing process Methods 0.000 claims description 11
- 230000007246 mechanism Effects 0.000 claims description 7
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 230000008859 change Effects 0.000 claims description 2
- 239000003795 chemical substances by application Substances 0.000 description 8
- 238000009826 distribution Methods 0.000 description 3
- 239000000463 material Substances 0.000 description 3
- 238000010367 cloning Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- 239000000835 fiber Substances 0.000 description 1
- 238000013467 fragmentation Methods 0.000 description 1
- 238000006062 fragmentation reaction Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H04W12/001—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
Definitions
- the present invention generally relates to security of physical devices.
- the present invention discloses a computerized system and method for securely distributing credentials and encryption keys for physical devices, for example IoT devices.
- the method can be performed throughout the supply chain or later, when a person wishes to add cryptographic credentials to the device he/she purchased. This distribution can be initiated remotely or on-site, and at various parts of the supply chain.
- the system comprises a module in the physical device, for example a software, hardware or firmware module, configured to interact with a message received from another device.
- the module can extract credentials from the message and use the credentials when necessary, for example when authentication of the physical device is required.
- the physical device may also comprise a communication module configured to receive the message, either from a security server having access to the internet, or from an intermediate entity located closer to the physical device, for example via Bluetooth communication.
- the system also comprises a multi-party computation (MPC) module configured to compute two or more shares of the credential, send one share to the physical device and store another share associated with the device identifier in a credential database.
- MPC multi-party computation
- the physical device receives only a portion of the credential and the manufacturer or personnel associated with manufacturing the physical device cannot compromise the credential.
- credential may be an encryption key.
- the cryptographic credential operations (such as credential creation, usage etc.) disclosed in present invention may be performed without ever bringing the entire credential together in one place, such as the server or the physical device.
- the system may also comprise an intermediate entity configured to communicate with both the security server and the physical device, in case the physical device lacks internet access or any other predefined ability required to communicate directly with the server.
- the credential share is sent from the security server to the intermediate entity, which transmits the credential share to the physical device.
- FIG. 1 shows a computerized environment for provisioning keys into physical devices having communication connectivity, according to exemplary embodiments of the present invention
- FIG. 2 shows a computerized environment for provisioning keys into physical devices that lack communication connectivity, according to exemplary embodiments of the present invention
- FIG. 3 shows a computerized environment for authenticating physical devices using MPC, according to exemplary embodiments of the present invention.
- FIG. 4 shows a method for provisioning keys into physical devices, according to exemplary embodiments of the present invention.
- the present invention discloses a computerized system and method for securely distributing credentials and encryption keys for physical devices, for example IoT devices.
- the credentials may be distributed during the manufacture process of the physical device or after, for example by a person using the device or a person who purchased the device.
- the credential is divided into shares that are stored in different entities, for example one share is stored in the physical device and the other share is stored in a security server, while no entity has access to a share not stored therein. This way, a secret associated with a physical device, for example an encryption key or a password, can be generated, used etc. without ever being unified, even during the provisioning process.
- the key is generated in a distributed manner using Multi-Party Computation (MPC), in which one share is stored on the security server and another share is stored on the physical device.
- MPC Multi-Party Computation
- FIG. 1 shows a computerized environment for provisioning keys into physical devices having communication connectivity, according to exemplary embodiments of the present invention.
- the term communication connectivity relates to a variety of communication protocols and techniques, for example Local Access Network (LAN), Wide Access Network (WAN), internet access, internet protocol, Bluetooth, ZigBee and the like.
- the physical device 110 may be a device having electronic capabilities, for example a device capable of generating or transmitting information to another device, either wirelessly or via a wired channel.
- the physical device 110 may be an internet of things (IoT) device, a sensor, and the like.
- the physical device 110 may comprise a display device for displaying information.
- the physical device 110 may comprise an input unit enabling its user to input information into the physical device 110 .
- the physical device 110 comprises a security agent 112 embedded therein, configured to perform security-related operations.
- the security agent 112 processes a message received via communication module 115 , said message comprises a share of a credential to be used by the physical device 110 or by a user of the physical device.
- the security module 112 may also comprise an MPC module 118 configured to perform multi party computations by exchanging information with the security server 130 .
- the credential may be used to authenticate the physical device 110 before an application server such as an e-commerce web, an online storage server, messaging server and the like.
- the process of distributing a credential to the physical device is initiated by a person or by a computerized mechanism, for example a user of the physical device 110 or a mechanism located at the end of an assembly line used to manufacture the physical device 110 .
- the request is sent to the security server 130 via internet gateway 125 .
- the security server 130 runs an MPC process using MPC module 145 .
- the MPC module 118 of the physical device 110 cooperates with the MPC module 145 of the security server 130 to output two shares of the credential.
- the two shares are never stored in a single device during or after the credential creation process.
- one share is stored at the memory module 118 of the physical device 110 and the other share is stored in the credential database 140 of the security server 130 .
- the memory module 118 may be either volatile memory or non-volatile memory.
- the credential database 140 may be stored in the cloud or in a physical server.
- the credential database 140 stores shares of credentials associated with an identifier of a physical device, for example a mac address of a smartphone, a serial number of a wearable device and the like.
- authenticating the physical device 110 by a third party is performed using the share stored in the physical device 110 and the share stored in the credential database 140 .
- the credential is not created in a whole, or stored in a whole during the entire process or generating the shares and using the shares for authentication. That is, the key material never exists thorough the full lifecycle of the key, but can be used by the physical device 110 , for example to sign authentication token, without ever bringing the shares together.
- the security server 130 may also comprise a user interface 132 configured to enable a person to interact with the security server 130 .
- the user interface 132 may be embedded in an electronic device such as a mobile phone, personal computer, laptop, tablet and the like, and communicate with the security server 130 via internet gateway module 138 .
- FIG. 2 shows a computerized environment for provisioning keys into physical devices that lack communication connectivity, according to exemplary embodiments of the present invention.
- the intermediate entity can be used also in case the physical device has communication connectivity.
- the environment shows the physical device 210 , a security server 230 and an intermediate entity 220 .
- the physical device 210 may be a device having electronic capabilities, for example a device capable of generating or transmitting information to another device, either wirelessly or via a wired channel.
- the physical device 210 may be an internet of things (IoT) device, a sensor, and the like.
- the physical device 210 may comprise a display device for displaying information.
- the physical device 210 may comprise an input unit enabling its user to input information into the physical device 210 .
- the physical device 210 comprises a security agent 212 embedded therein, configured to perform security-related operations.
- the security agent 212 processes a message received via communication module 215 , said message comprises a share of a credential to be used by the physical device 210 or by a user of the physical device.
- the security module 212 may also comprise an MPC module 218 configured to perform multi party computations by exchanging information with the security server 230 .
- the credential may be used to authenticate the physical device 210 before an application server such as an e-commerce web, an online storage server, messaging server and the like.
- the process of distributing a credential to the physical device is initiated by a person or by a computerized mechanism, for example a user of the physical device 210 or a mechanism located at the end of an assembly line used to manufacture the physical device 210 .
- the request is sent to the security server 230 which runs an MPC process using MPC module 245 .
- the MPC module 218 of the physical device 210 cooperates with the security server 230 to output two shares of the credential.
- the two shares are not stored in a single device during or after the credential creation process.
- one share is stored at the memory module 218 of the physical device 210 and the other share is stored in the credential database 240 of the security server 230 .
- the memory module 218 may also store a value representing the usage of the share. The value may be adjusted upon request to use the share. Thus, when cloning the physical device 210 , even when obtaining the share, the attacker lacks the updated value as the attacker does not have knowledge of prior use of the credential.
- the credential database 240 may be stored in the cloud or in a physical server.
- the credential database 240 stores shares of credentials associated with an identifier of a physical device, for example a mac address of a smartphone, a serial number of a wearable device and the like. Thus, authenticating the physical device 210 by a third party is performed using the share stored in the physical device 210 and the share stored in the credential database 240 .
- the credential is not created in a whole, or stored in a whole during the entire process or generating the shares and using the shares for authentication. That is, the key material never exists thorough the full lifecycle of the key, but can be used by the physical device 210 , for example to sign authentication token, without ever bringing the shares together.
- the security server 230 may also comprise a user interface 232 configured to enable a person to interact with the security server 230 .
- the user interface 232 may be embedded in an electronic device such as a mobile phone, personal computer, laptop, tablet and the like, and communicate with the security server 230 via internet gateway module 238 .
- the system disclosed in FIG. 2 further comprises an intermediate entity 220 configured to communicate with both the security server 230 and the physical device 210 .
- the intermediate entity 220 is used when the physical device 210 is unable to communicate with the security server 230 , either permanently or temporarily, for example due a technical failure of the physical device 210 or a communication network used by the physical device 210 .
- the intermediate entity 220 may comprise a user interface 222 configured to enable a person to initiate the key distribution process, for example a person involved in the manufacture process of the physical device 210 . In such a case, the intermediate entity 220 may be located in the manufacturing site.
- the intermediate entity 220 also comprises a communication module 225 configured to communicate with the physical device 210 in a non-internet communication channel, for example using wired communication, fiber optics, USB, or wireless communication such as Bluetooth and others.
- the intermediate entity 20 also comprises an internet gateway module 228 configured to communicate with the security server 230 , receive messages from the security server 230 , for example a message comprising a credential share.
- the internet gateway module 228 may also be used to send a request to generate a credential share to the device. The request is associated with an identifier of the physical device.
- the intermediate entity 220 may be an agent running on a personal device, such as a mobile phone or a laptop computer, having internet access to communicate with the security server 230 and another communication mechanism to communicate with the physical device 210 .
- the agent may be used to provide a credential to the physical device outside the manufacturing site, for example in a store, or after the device is purchased.
- Credential distribution may be allowed to a limited number of persons or entities, according to predefined rules, for example according to the type or use of the physical device 210 .
- FIG. 3 shows a computerized environment for authenticating physical devices using MPC, according to exemplary embodiments of the present invention.
- the computerized environment shows a third party server 330 that requests authentication from the physical device 310 .
- Such authentication may be requested when the physical device 310 wishes to access information in the third party server 330 , or input information into the third party server 330 , for example uploading values measured over time into an online database when the physical device 310 is a sensor.
- the third party server 330 requests the physical device 310 to authenticate itself via a credential.
- the physical device 310 only has a share of the credential.
- the physical device 310 and the security server 320 which stores the second share exchange information over the internet to output a result that suffices the authentication process of the third party server without any of the physical device 310 , the security server 320 and the third party server 330 having access to the entire credential during the authentication process.
- the physical device 310 and the security server 320 may frequently refresh the credential shares through the MPC protocol while the entire credential doesn't change.
- a counter may be held by the physical device and the server to verify the same key version is used, as the key may be refreshed periodically or in response to a predefined event. For example, the counter may indicate that this is the 101th version of the credential. After each refresh performed via MPC, the counter is adjusted in both the physical device 310 and the security server 320 , for example by incrementing the value by one (1). This way, cloning of the physical device 310 is prevented.
- FIG. 4 shows a method for provisioning keys into physical devices, according to exemplary embodiments of the present invention.
- Step 410 discloses initiating the process of distributing the credential. Initiating comprises sending a request to the security server to generate the credential. The request comprises an identifier of the physical device, such that the share stored at the security server is used when authenticating or validating the specific physical device.
- Step 415 discloses installing the security agent in the physical device, for example via a USB communication port.
- the security server and the physical device are enrolled, that is trust each other. The enrollment is performed using any method of generating trust between devices, as desired by a person skilled in the art.
- step 430 the security server and the security agent in the physical device perform a multi-party computation that outputs two shares of the credential. Each share is useless without the other share. Generation of the two shares is performed without the entire credential ever stored in either the physical device or in the security server.
- the multi-party computation process may be defined and/or selected as desired by a person skilled in the art.
- a first credential share is stored at the physical device.
- a second credential share is stored in a database included in or associated with the security server.
- the second credential share is stored along with an identifier of the physical device.
- step 460 the physical device receives a request for authenticating versus a third party, for example an application server.
- the physical device communicates with the security server to generate the credential using the first credential share and the second credential share, for example using an MPC process. Then, in step 470 , the physical device is authenticated versus the application server using both shares.
- the physical device may include communication module such as 4G or Wi-Fi. In some other cases, the physical device may communicate with a server via a local hub as an intermediate entity when authenticating and the MPC process used for authentication is performed via that hub.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (18)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/424,675 US10666432B2 (en) | 2016-11-30 | 2019-05-29 | System and method of securing devices using encryption keys |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662427829P | 2016-11-30 | 2016-11-30 | |
PCT/IL2017/051302 WO2018100578A1 (en) | 2016-11-30 | 2017-11-30 | A system and method of securing devices using encryption keys |
US16/424,675 US10666432B2 (en) | 2016-11-30 | 2019-05-29 | System and method of securing devices using encryption keys |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IL2017/051302 Continuation WO2018100578A1 (en) | 2016-11-30 | 2017-11-30 | A system and method of securing devices using encryption keys |
Publications (2)
Publication Number | Publication Date |
---|---|
US20190280857A1 US20190280857A1 (en) | 2019-09-12 |
US10666432B2 true US10666432B2 (en) | 2020-05-26 |
Family
ID=62242429
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/424,675 Active US10666432B2 (en) | 2016-11-30 | 2019-05-29 | System and method of securing devices using encryption keys |
Country Status (2)
Country | Link |
---|---|
US (1) | US10666432B2 (en) |
WO (1) | WO2018100578A1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11374753B2 (en) | 2018-07-27 | 2022-06-28 | Hrl Laboratories, Llc | System and method for selective transparency for public ledgers |
US20200034550A1 (en) * | 2018-07-27 | 2020-01-30 | Hrl Laboratories, Llc | System and method to protect data privacy of lightweight devices using blockchain and multi-party computation |
US11444779B2 (en) | 2018-08-02 | 2022-09-13 | Paypal, Inc. | Techniques for securing application programming interface requests using multi-party digital signatures |
US11632244B2 (en) | 2020-09-14 | 2023-04-18 | Paypal, Inc. | Techniques for single round multi-party computation for digital signatures |
US20240154806A1 (en) * | 2022-11-09 | 2024-05-09 | Arris Enterprises Llc | Anti-cloning of device cryptographic keys for counterfeit prevention |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5150412A (en) * | 1990-04-28 | 1992-09-22 | Nec Corporation | Security module for radio telephone |
US20140089669A1 (en) | 2012-09-25 | 2014-03-27 | Alcatel Lucent | Confidential provisioning of secret keys over the air |
US20140331294A1 (en) * | 2011-11-15 | 2014-11-06 | Rosberg System As | Method of securing a computing device |
WO2016135737A1 (en) | 2015-02-27 | 2016-09-01 | Dyadic Security Ltd | A system and methods for protecting keys in computerized devices operating versus a server |
WO2016172492A1 (en) | 2015-04-24 | 2016-10-27 | Pcms Holdings, Inc. | Systems, methods, and devices for device credential protection |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10690450B2 (en) * | 2015-09-25 | 2020-06-23 | Med-Eng, Llc | Bomb disposal suit with back protector |
-
2017
- 2017-11-30 WO PCT/IL2017/051302 patent/WO2018100578A1/en active Application Filing
-
2019
- 2019-05-29 US US16/424,675 patent/US10666432B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5150412A (en) * | 1990-04-28 | 1992-09-22 | Nec Corporation | Security module for radio telephone |
US20140331294A1 (en) * | 2011-11-15 | 2014-11-06 | Rosberg System As | Method of securing a computing device |
US20140089669A1 (en) | 2012-09-25 | 2014-03-27 | Alcatel Lucent | Confidential provisioning of secret keys over the air |
WO2016135737A1 (en) | 2015-02-27 | 2016-09-01 | Dyadic Security Ltd | A system and methods for protecting keys in computerized devices operating versus a server |
WO2016172492A1 (en) | 2015-04-24 | 2016-10-27 | Pcms Holdings, Inc. | Systems, methods, and devices for device credential protection |
Also Published As
Publication number | Publication date |
---|---|
WO2018100578A1 (en) | 2018-06-07 |
US20190280857A1 (en) | 2019-09-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10666432B2 (en) | System and method of securing devices using encryption keys | |
CN109862041B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
US10447486B2 (en) | Remote attestation of a security module's assurance level | |
US10437985B2 (en) | Using a second device to enroll a secure application enclave | |
JP6646341B2 (en) | Method and apparatus for authenticating a user and method and apparatus for registering a wearable device | |
US8782401B2 (en) | Enhanced privacy ID based platform attestation | |
US10122529B2 (en) | System and method of enforcing a computer policy | |
EP3425842B1 (en) | Communication system and communication method for certificate generation | |
US10609070B1 (en) | Device based user authentication | |
EP2894891B1 (en) | Mobile token | |
US10856146B2 (en) | Electronic device verification | |
US10263782B2 (en) | Soft-token authentication system | |
US8397281B2 (en) | Service assisted secret provisioning | |
JP5380583B1 (en) | Device authentication method and system | |
KR20080043646A (en) | Method and apparatus of transmitting private information using trusted apparatus | |
US9443069B1 (en) | Verification platform having interface adapted for communication with verification agent | |
KR20120080283A (en) | Otp certification device | |
CN111901304B (en) | Registration method and device of mobile security equipment, storage medium and electronic device | |
JP6378424B1 (en) | User authentication method with enhanced integrity and security | |
US10979226B1 (en) | Soft-token authentication system with token blocking after entering the wrong PIN | |
JP6404928B2 (en) | User information management system and user information management method | |
JP6315080B2 (en) | Authentication device, authentication system, and program | |
US20240037542A1 (en) | Methods and systems for managing cryptocurrency | |
KR20160099358A (en) | Certification method for cloud document centralized system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
|
AS | Assignment |
Owner name: UNBOUND TECH LTD., ISRAEL Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MISHLI, OZ;PEER, GUY;VAKULENKO, MICHAEL;SIGNING DATES FROM 20190526 TO 20190528;REEL/FRAME:049368/0490 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
AS | Assignment |
Owner name: SILICON VALLEY BANK, MASSACHUSETTS Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:UNBOUND TECH LTD;REEL/FRAME:052102/0629 Effective date: 20200304 |
|
AS | Assignment |
Owner name: SILICON VALLEY BANK, MASSACHUSETTS Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTED SIGNATUREPAGE FOR THE RECEIVING PARTY PREVIOUSLY RECORDED ON REEL 052102 FRAME 0629. ASSIGNOR(S) HEREBY CONFIRMS THE INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:UNBOUND TECH LTD;REEL/FRAME:052361/0631 Effective date: 20200304 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: UNBOUND SECURITY LTD, ISRAEL Free format text: CHANGE OF NAME;ASSIGNOR:UNBOUND TECH LTD;REEL/FRAME:059909/0240 Effective date: 20210519 Owner name: COINBASE IL RD LTD, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:UNBOUND SECURITY LTD;REEL/FRAME:059380/0994 Effective date: 20220308 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY Year of fee payment: 4 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |